3030

3030

关注
发信
关注(28)粉丝(399)

node.js - Certbot-如何为IP:3030创建SSL证书和 key ?

我有一个仅在端口3030的IP地址上运行的ExpressJS应用。

如何为这种类型的地址创建SSL证书和密钥?

我尝试过:

$ certbot certonly --standalone --email [email protected] -d 127.0.1.1:3030

我收到此错误:

Requested domain 127.0.1.1:3030 is not a FQDN

有任何想法吗?

这是我使用的package-certbot。

这是我的ExpressJS bin目录中的www文件:

#!/usr/bin/env node

/**
 * Module dependencies.
 */

var app = require('../app');
var debug = require('debug')('mongoose-iot:server');
var http = require('http');

// Add HTTPS support.
// https://www.hacksparrow.com/express-js-https.html
// http://stackoverflow.com/questions/11744975/enabling-https-on-express-js
// http://blog.mgechev.com/2014/02/19/create-https-tls-ssl-application-with-express-nodejs/
var https = require('https');
var fs = require('fs');

/**
 * Get port from environment and store in Express.
 */

var port = normalizePort(process.env.PORT || '3000');
app.set('port', port);

/**
 * Create HTTP server.
 */

var server = http.createServer(app);

/**
 * Listen on provided port, on all network interfaces.
 */

server.listen(port);
server.on('error', onError);
server.on('listening', onListening);

/**
 * Get port from environment and store in Express.
 */

var httpsPort = normalizePort(process.env.PORT || '3030');
app.set('port', httpsPort);

/**
 * Create HTTPS server.
 */

 var options = {
  key: fs.readFileSync('ssl/key.pem'),
  cert: fs.readFileSync('ssl/cert.pem')
};

var httpsServer = https.createServer(options, app);

/**
 * Listen on provided port, on all network interfaces.
 */

httpsServer.listen(httpsPort);
httpsServer.on('error', onError);
httpsServer.on('listening', onListening);

/**
 * Normalize a port into a number, string, or false.
 */

function normalizePort(val) {
  var port = parseInt(val, 10);

  if (isNaN(port)) {
    // named pipe
    return val;
  }

  if (port >= 0) {
    // port number
    return port;
  }

  return false;
}

/**
 * Event listener for HTTP server "error" event.
 */

function onError(error) {
  if (error.syscall !== 'listen') {
    throw error;
  }

  var bind = typeof port === 'string'
    ? 'Pipe ' + port
    : 'Port ' + port;

  // handle specific listen errors with friendly messages
  switch (error.code) {
    case 'EACCES':
      console.error(bind + ' requires elevated privileges');
      process.exit(1);
      break;
    case 'EADDRINUSE':
      console.error(bind + ' is already in use');
      process.exit(1);
      break;
    default:
      throw error;
  }
}

/**
 * Event listener for HTTP server "listening" event.
 */

function onListening() {
  var addr = server.address();
  var bind = typeof addr === 'string'
    ? 'pipe ' + addr
    : 'port ' + addr.port;
  debug('Listening on ' + bind);
}

最佳答案

问题在于,letsencrypt ssl证书用于域名,与IP地址或端口没有太大关系。您必须具有有效且可公开访问的域名,以便Letencrypt授权服务器可以对其进行验证。

在这种情况下,通常的做法是在开发中使用http(而不是https),并使用简单的检查方法,例如:

if (process.env.NODE_ENV === "production") {
   // httpsServer.listen(httpsPort)
} else {
   // ...
}

08-18 23:49
Powered by LMLPHP ©2024 3030 0.040285